[Bug regex/26026] New: __wcrtomb called with undefined conversion state

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[Bug regex/26026] New: __wcrtomb called with undefined conversion state

Sourceware - glibc-bugs-regex mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=26026

            Bug ID: 26026
           Summary: __wcrtomb called with undefined conversion state
           Product: glibc
           Version: 2.33
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: regex
          Assignee: unassigned at sourceware dot org
          Reporter: mbuilov at gmail dot com
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

Hi.

Please consider the following code fragment of ./posix/regcomp.c:


 392               /* ... Else catch all bytes which can start the mbchars.  */
 393               for (i = 0; i < cset->nmbchars; ++i)
 394                 {
 395                   char buf[256];
 396                   mbstate_t state;
 397                   memset (&state, '\0', sizeof (state));
 398                   if (__wcrtomb (buf, cset->mbchars[i], &state) !=
(size_t) -1)
 399                     re_set_fastmap (fastmap, icase, *(unsigned char *)
buf);


here, if __wcrtomb() fails, the variable 'state' becomes "undefined".


 400                   if ((bufp->syntax & RE_ICASE) && dfa->mb_cur_max > 1)
 401                     {
 402                       if (__wcrtomb (buf, __towlower (cset->mbchars[i]),
&state)
 403                           != (size_t) -1)


and here __wcrtomb() reuses "undefined" 'state'


 404                         re_set_fastmap (fastmap, false, *(unsigned char *)
buf);
 405                     }
 406                 }

--
You are receiving this mail because:
You are on the CC list for the bug.